[bug #36641] Crash when using ridiculously large target names
Update of bug #36641 (project make):

Status: None => Duplicate
Open/Closed: Open => Closed

___

Follow-up Comment #1:

This is a duplicate of Savannah bug #35525.

___

Reply to this item at: http://savannah.gnu.org/bugs/?36641

___

Message sent via/by Savannah http://savannah.gnu.org/

___

Bug-make mailing list
Bug-make@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-make
[bug #36641] Crash when using ridiculously large target names
URL: http://savannah.gnu.org/bugs/?36641

Summary: Crash when using ridiculously large target names
Project: make
Submitted by: None
Submitted on: Tue 12 Jun 2012 05:16:49 PM UTC
Severity: 3 - Normal
Item Group: Bug
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Component Version: 3.82
Operating System: Any
Fixed Release: None
Triage Status: None

___

Details:

If the stem len is bigger than PATH_MAX, it results in a buffer over run:

455a456 unsigned int stemlen_copy; 494,495c495,497 strncpy (stem_str, stem, stemlen); stem_str[stemlen] = '\0'; --- stemlen_copy = stemlen sizeof(stem_str) ? sizeof(stem_str) : stemlen; strncpy (stem_str, stem, stemlen_copy); stem_str[stemlen_copy] = '\0';
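
Review bot: The terminator write in the 494,495c495,497 hunk can still land one byte past the end of stem_str: when the clamp selects sizeof(stem_str), `stem_str[stemlen_copy] = '\0';` indexes stem_str[sizeof(stem_str)], which is outside the array (this assumes stem_str is an array, as the sizeof use implies). Clamp to sizeof(stem_str) - 1 so the last valid index is reserved for the NUL. The conditional as shown, `stemlen sizeof(stem_str) ? ...`, has no comparison operator and will not compile in this form; the same boundary applies whichever comparison is restored, since a stemlen equal to sizeof(stem_str) also needs the clamp. Clamping also silently truncates the stem, so the code after it would continue with a shortened name; consider rejecting an over-long stem with an error, or sizing the buffer from stemlen, instead.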
Re: [bug #36641] Crash when using ridiculously large target names
On 6/12/12 10:16 AM, anonymous wrote:

URL: http://savannah.gnu.org/bugs/?36641

Summary: Crash when using ridiculously large target names
Project: make
Submitted by: None
Submitted on: Tue 12 Jun 2012 05:16:49 PM UTC
Severity: 3 - Normal
Item Group: Bug
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Component Version: 3.82
Operating System: Any
Fixed Release: None
Triage Status: None

___

Details:

If the stem len is bigger than PATH_MAX, it results in a buffer over run:

455a456 unsigned int stemlen_copy; 494,495c495,497 strncpy (stem_str, stem, stemlen); stem_str[stemlen] = '\0'; --- stemlen_copy = stemlen sizeof(stem_str) ? sizeof(stem_str) : stemlen; strncpy (stem_str, stem, stemlen_copy); stem_str[stemlen_copy] = '\0';

The proposed patch has yet another buffer overrun, off by one.

-Rob